Skip to content

Commit df341d4

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #841 from tam7t/automated-cherry-pick-of-#840-upstream-release-1.0
Automated cherry pick of #840: release: update manifests and helm chart for 1.0.1
2 parents 613b942 + a83f656 commit df341d4

13 files changed

+38
-42
lines changed

charts/secrets-store-csi-driver/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
apiVersion: v2
22
name: secrets-store-csi-driver
3-
version: 1.0.0
4-
appVersion: 1.0.0
3+
version: 1.0.1
4+
appVersion: 1.0.1
55
kubeVersion: ">=1.16.0-0"
66
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
77
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png

charts/secrets-store-csi-driver/README.md

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,10 @@ The following table lists the configurable parameters of the csi-secrets-store-p
4747
| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` |
4848
| `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` |
4949
| `linux.image.pullPolicy` | Linux image pull policy | `IfNotPresent` |
50-
| `linux.image.tag` | Linux image tag | `v1.0.0` |
50+
| `linux.image.tag` | Linux image tag | `v1.0.1` |
51+
| `linux.crds.image.repository` | Linux crds image repository | `k8s.gcr.io/csi-secrets-store/driver-crds` |
52+
| `linux.crds.image.pullPolicy` | Linux crds image pull policy | `IfNotPresent` |
53+
| `linux.crds.image.tag` | Linux crds image tag | `v1.0.1` |
5154
| `linux.affinity` | Linux affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
5255
| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` |
5356
| `linux.enabled` | Install secrets store csi driver on linux nodes | true |
@@ -58,12 +61,12 @@ The following table lists the configurable parameters of the csi-secrets-store-p
5861
| `linux.metricsAddr` | The address the metric endpoint binds to | `:8095` |
5962
| `linux.registrarImage.repository` | Linux node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` |
6063
| `linux.registrarImage.pullPolicy` | Linux node-driver-registrar image pull policy | `IfNotPresent` |
61-
| `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v2.3.0` |
64+
| `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v2.4.0` |
6265
| `linux.registrar.resources` | The resource request/limits for the linux node-driver-registrar container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` |
6366
| `linux.registrar.logVerbosity` | Log level for node-driver-registrar. Uses V logs (klog) | `5` |
6467
| `linux.livenessProbeImage.repository` | Linux liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` |
6568
| `linux.livenessProbeImage.pullPolicy` | Linux liveness-probe image pull policy | `IfNotPresent` |
66-
| `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.4.0` |
69+
| `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.5.0` |
6770
| `linux.livenessProbe.resources` | The resource request/limits for the linux liveness-probe container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` |
6871
| `linux.env` | Environment variables to be passed for the daemonset on linux nodes | `[]` |
6972
| `linux.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` |
@@ -76,7 +79,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
7679
| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` |
7780
| `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` |
7881
| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` |
79-
| `windows.image.tag` | Windows image tag | `v1.0.0` |
82+
| `windows.image.tag` | Windows image tag | `v1.0.1` |
8083
| `windows.affinity` | Windows affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
8184
| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
8285
| `windows.enabled` | Install secrets store csi driver on windows nodes | false |
@@ -87,12 +90,12 @@ The following table lists the configurable parameters of the csi-secrets-store-p
8790
| `windows.metricsAddr` | The address the metric endpoint binds to | `:8095` |
8891
| `windows.registrarImage.repository` | Windows node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` |
8992
| `windows.registrarImage.pullPolicy` | Windows node-driver-registrar image pull policy | `IfNotPresent` |
90-
| `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v2.3.0` |
93+
| `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v2.4.0` |
9194
| `windows.registrar.resources` | The resource request/limits for the windows node-driver-registrar container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` |
9295
| `windows.registrar.logVerbosity` | Log level for node-driver-registrar. Uses V logs (klog) | `5` |
9396
| `windows.livenessProbeImage.repository` | Windows liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` |
9497
| `windows.livenessProbeImage.pullPolicy` | Windows liveness-probe image pull policy | `IfNotPresent` |
95-
| `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.4.0` |
98+
| `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.5.0` |
9699
| `windows.livenessProbe.resources` | The resource request/limits for the windows liveness-probe container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` |
97100
| `windows.env` | Environment variables to be passed for the daemonset on windows nodes | `[]` |
98101
| `windows.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` |
@@ -112,7 +115,6 @@ The following table lists the configurable parameters of the csi-secrets-store-p
112115
| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets | false |
113116
| `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` |
114117
| `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` |
115-
| `filteredWatchSecret` | Enable filtered watch for NodePublishSecretRef secrets with label `secrets-store.csi.k8s.io/used=true` | `true` |
116118
| `providerHealthCheck` | Enable health check for configured providers | `false` |
117119
| `providerHealthCheckInterval` | Provider healthcheck interval duration | `2m` |
118120
| `imagePullSecrets` | One or more secrets to be used when pulling images | `""` |

charts/secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,7 @@ roleRef:
3737
name: {{ template "sscd.fullname" . }}-keep-crds
3838
apiGroup: rbac.authorization.k8s.io
3939
---
40+
{{- if .Values.rbac.pspEnabled }}
4041
apiVersion: policy/v1beta1
4142
kind: PodSecurityPolicy
4243
metadata:
@@ -56,6 +57,7 @@ spec:
5657
rule: RunAsAny
5758
volumes:
5859
- secret
60+
{{- end }}
5961
---
6062
apiVersion: v1
6163
kind: ServiceAccount

charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -87,9 +87,6 @@ spec:
8787
- "--rotation-poll-interval={{ .Values.rotationPollInterval }}"
8888
{{- end }}
8989
- "--metrics-addr={{ .Values.windows.metricsAddr }}"
90-
{{- if and (semverCompare ">= v0.0.21-0" .Values.windows.image.tag) .Values.filteredWatchSecret }}
91-
- "--filtered-watch-secret={{ .Values.filteredWatchSecret }}"
92-
{{- end }}
9390
{{- if and (semverCompare ">= v0.0.22-0" .Values.windows.image.tag) .Values.providerHealthCheck }}
9491
- "--provider-health-check={{ .Values.providerHealthCheck }}"
9592
{{- end }}

charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -87,9 +87,6 @@ spec:
8787
- "--rotation-poll-interval={{ .Values.rotationPollInterval }}"
8888
{{- end }}
8989
- "--metrics-addr={{ .Values.linux.metricsAddr }}"
90-
{{- if and (semverCompare ">= v0.0.21-0" .Values.linux.image.tag) .Values.filteredWatchSecret }}
91-
- "--filtered-watch-secret={{ .Values.filteredWatchSecret }}"
92-
{{- end }}
9390
{{- if and (semverCompare ">= v0.0.22-0" .Values.linux.image.tag) .Values.providerHealthCheck }}
9491
- "--provider-health-check={{ .Values.providerHealthCheck }}"
9592
{{- end }}

charts/secrets-store-csi-driver/values.yaml

Lines changed: 7 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -2,13 +2,13 @@ linux:
22
enabled: true
33
image:
44
repository: k8s.gcr.io/csi-secrets-store/driver
5-
tag: v1.0.0
5+
tag: v1.0.1
66
pullPolicy: IfNotPresent
77

88
crds:
99
image:
1010
repository: k8s.gcr.io/csi-secrets-store/driver-crds
11-
tag: v1.0.0
11+
tag: v1.0.1
1212
pullPolicy: IfNotPresent
1313
annotations: {}
1414

@@ -34,7 +34,7 @@ linux:
3434

3535
registrarImage:
3636
repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
37-
tag: v2.3.0
37+
tag: v2.4.0
3838
pullPolicy: IfNotPresent
3939

4040
registrar:
@@ -49,7 +49,7 @@ linux:
4949

5050
livenessProbeImage:
5151
repository: k8s.gcr.io/sig-storage/livenessprobe
52-
tag: v2.4.0
52+
tag: v2.5.0
5353
pullPolicy: IfNotPresent
5454

5555
livenessProbe:
@@ -93,7 +93,7 @@ windows:
9393
enabled: false
9494
image:
9595
repository: k8s.gcr.io/csi-secrets-store/driver
96-
tag: v1.0.0
96+
tag: v1.0.1
9797
pullPolicy: IfNotPresent
9898

9999
## Prevent the CSI driver from being scheduled on virtual-kubelet nodes
@@ -118,7 +118,7 @@ windows:
118118

119119
registrarImage:
120120
repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
121-
tag: v2.3.0
121+
tag: v2.4.0
122122
pullPolicy: IfNotPresent
123123

124124
registrar:
@@ -133,7 +133,7 @@ windows:
133133

134134
livenessProbeImage:
135135
repository: k8s.gcr.io/sig-storage/livenessprobe
136-
tag: v2.4.0
136+
tag: v2.5.0
137137
pullPolicy: IfNotPresent
138138

139139
livenessProbe:
@@ -200,9 +200,6 @@ enableSecretRotation: false
200200
## Secret rotation poll interval duration
201201
rotationPollInterval:
202202

203-
## Filtered watch nodePublishSecretRef secrets
204-
filteredWatchSecret: true
205-
206203
## Provider HealthCheck
207204
providerHealthCheck: false
208205

deploy/secrets-store-csi-driver-windows.yaml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ spec:
1717
serviceAccountName: secrets-store-csi-driver
1818
containers:
1919
- name: node-driver-registrar
20-
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0
20+
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.4.0
2121
args:
2222
- --v=5
2323
- "--csi-address=unix://C:\\csi\\csi.sock"
@@ -50,15 +50,14 @@ spec:
5050
cpu: 100m
5151
memory: 100Mi
5252
- name: secrets-store
53-
image: k8s.gcr.io/csi-secrets-store/driver:v1.0.0
53+
image: k8s.gcr.io/csi-secrets-store/driver:v1.0.1
5454
args:
5555
- "--endpoint=$(CSI_ENDPOINT)"
5656
- "--nodeid=$(KUBE_NODE_NAME)"
5757
- "--provider-volume=C:\\k\\secrets-store-csi-providers"
5858
- "--metrics-addr=:8095"
5959
- "--enable-secret-rotation=false"
6060
- "--rotation-poll-interval=2m"
61-
- "--filtered-watch-secret=true"
6261
- "--provider-health-check=false"
6362
- "--provider-health-check-interval=2m"
6463
env:
@@ -100,7 +99,7 @@ spec:
10099
- name: providers-dir
101100
mountPath: C:\k\secrets-store-csi-providers
102101
- name: liveness-probe
103-
image: k8s.gcr.io/sig-storage/livenessprobe:v2.4.0
102+
image: k8s.gcr.io/sig-storage/livenessprobe:v2.5.0
104103
imagePullPolicy: IfNotPresent
105104
args:
106105
- "--csi-address=unix://C:\\csi\\csi.sock"

deploy/secrets-store-csi-driver.yaml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ spec:
1717
serviceAccountName: secrets-store-csi-driver
1818
containers:
1919
- name: node-driver-registrar
20-
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0
20+
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.4.0
2121
args:
2222
- --v=5
2323
- --csi-address=/csi/csi.sock
@@ -50,15 +50,14 @@ spec:
5050
cpu: 10m
5151
memory: 20Mi
5252
- name: secrets-store
53-
image: k8s.gcr.io/csi-secrets-store/driver:v1.0.0
53+
image: k8s.gcr.io/csi-secrets-store/driver:v1.0.1
5454
args:
5555
- "--endpoint=$(CSI_ENDPOINT)"
5656
- "--nodeid=$(KUBE_NODE_NAME)"
5757
- "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
5858
- "--metrics-addr=:8095"
5959
- "--enable-secret-rotation=false"
6060
- "--rotation-poll-interval=2m"
61-
- "--filtered-watch-secret=true"
6261
- "--provider-health-check=false"
6362
- "--provider-health-check-interval=2m"
6463
env:
@@ -103,7 +102,7 @@ spec:
103102
cpu: 50m
104103
memory: 100Mi
105104
- name: liveness-probe
106-
image: k8s.gcr.io/sig-storage/livenessprobe:v2.4.0
105+
image: k8s.gcr.io/sig-storage/livenessprobe:v2.5.0
107106
imagePullPolicy: IfNotPresent
108107
args:
109108
- --csi-address=/csi/csi.sock

manifest_staging/charts/secrets-store-csi-driver/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
apiVersion: v2
22
name: secrets-store-csi-driver
3-
version: 1.0.0
4-
appVersion: 1.0.0
3+
version: 1.0.1
4+
appVersion: 1.0.1
55
kubeVersion: ">=1.16.0-0"
66
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
77
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png

0 commit comments

Comments
 (0)